ip inspect through ip security strip

ip scp server enable

To enable the router to securely copy files from a remote workstation, use the ipscpserverenable command in global configuration mode. To disable secure copy functionality (the default), use the no form of this command.

ipscpserverenable

noipscpserverenable

Syntax Description

This command has no arguments or keywords.

Command Default

The secure copy function is disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.2(2)T

This command was introduced.

12.0(21)S

This command was integrated into Cisco IOS Release 12.0(21)S and support for the Cisco 7500 series and Cisco 12000 series routers was added.

12.2(18)SXD

This command was integrated into Cisco IOS Release 12.2(18)SXD.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(15)S.

12.2(33)SRA

This command was integrated into Cisco IOS release 12.(33)SRA.

Usage Guidelines

Use this command to enable secure copying of files from systems using the Secure Shell (SSH) application. This secure copy function is accomplished by an addition to the copy command in the Cisco IOS software, which takes care of using the secure copy protocol (scp) to copy to and from a router while logged in to the router itself. Because copying files is generally a restricted operation in the Cisco IOS software, a user attempting to copy such files needs to be at the correct enable level.

The Cisco IOS software must also allow files to be copied to or from itself from a remote workstation running the SSH application (which is supported by both the Microsoft Windows and UNIX operating systems). To get this information, the Cisco IOS software must have authentication and authorization configured in the authentication, authorization, and accounting (AAA) feature. SSH already relies on AAA authentication to authenticate the user username and password. Scp adds the requirement that AAA authorization be turned on so that the operating system can determine whether or not the user is at the correct privilege level.

Examples

The following example shows a typical configuration that allows the router to securely copy files from a remote workstation. Because scp relies on AAA authentication and authorization to function properly, AAA must be configured.